1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-01 10:46:38 +02:00
Commit Graph

5579 Commits

Author SHA1 Message Date
Bram Matthys 6604856973 ** UnrealIRCd 5.2.4 ** 2022-01-28 17:03:07 +01:00
Bram Matthys 0843ac64c0 Handle outdated version in the crash reporter:
1) Warn when >= July 1, 2022 that we only do security fixes (but continue the report)
2) Error when >= July 1, 2023 that all support ceased (do not send a report)
3) Handle HTTP 403 condition
2022-01-02 09:47:35 +01:00
Bram Matthys 5b3b50c084 Add variable declaration in innosetup file. 2021-12-29 20:09:59 +01:00
Bram Matthys 8f2e31f911 ** UnrealIRCd 5.2.3 **
This release will be put online at a later date, together with 6.0.1.
2021-12-29 12:18:02 +01:00
k4bek4be 311cdc4639 Make CHATHISTORY not FAIL on a -H channel, sending empty history instead (#156) 2021-12-19 10:41:54 +01:00
Bram Matthys 191ecc0e11 Fix EOL date, apparently I promised July and not June :D. 2021-12-15 07:12:09 +01:00
Val Lorentz da34552027 Send nick!user@host in WALLOPS message from self. 2021-12-10 19:42:38 +01:00
Bram Matthys e1b3016426 Fix set::anti-flood::connect-flood not obeying the 'per XX seconds'
configuration. It was always cleaning up old entries after 2 minutes.
That is, until the first REHASH happened, after that the correct
connect-flood setting was applied.
In practice, with the default configuration, this means that instead
of 3:60 it was 3:120 until the first REHASH, and after that 3:60.

This was caused by update_throttling_timer_settings() being
called before init_throttling().
2021-12-06 17:46:40 +01:00
Bram Matthys 7d4cafd068 Bump version to 5.2.3-git and write some early release notes 2021-12-06 11:54:06 +01:00
Bram Matthys fd81a98364 Add more warnings 3/6/9 months before EOL date (June 1, 2023)
Just like we did in UnrealIRCd 4.
2021-12-06 11:40:20 +01:00
Bram Matthys f65a2ba3d1 Backport fix for memory leak in websocket module. 2021-12-01 09:08:07 +01:00
Ramiro Bou a35b476b05 Sending WALLOPS back to the oper that issued it. (#159) 2021-11-28 10:54:05 +01:00
Bram Matthys dbdac4e304 ** UnrealIRCd 5.2.2 ** 2021-10-03 15:59:13 +02:00
Bram Matthys 3feac27c43 Put arabic-utf8 in the correct group and #if out the hard errror
when mixing UTF8 groups, make it a general warning again as it
may or may not be an issue.
2021-09-22 09:31:47 +02:00
Bram Matthys c51a3d96be Add support for arabic-utf8 in set::allowed-nickchars. Supplied by Sensiva
in https://bugs.unrealircd.org/view.php?id=3734
2021-09-22 09:20:19 +02:00
Bram Matthys 41d8a13b19 Fix crash in set::server-linking::autoconnect-strategy sequential-fallback
when a remote server links to another server.
2021-08-08 15:56:29 +02:00
Bram Matthys 0593dc4b73 Allow SVSLOGIN also if set::sasl-server is not set.
Because yeah... why not.
2021-07-15 10:30:23 +02:00
k4bek4be c5a6f3c549 Make CHATHISTORY subcommands case-insensitive. (#157) 2021-07-11 09:24:56 +02:00
Ramiro Bou 0985728662 Adding sequential-fallback autoconnect strategy (#151)
After successful server connection it will restart from the beginning of the link blocks again.
2021-07-11 09:24:14 +02:00
Val Lorentz 67bfd41e44 chathistory: Use more explicit messages on INVALID_TARGET failure message (#150) 2021-07-11 09:09:18 +02:00
Bram Matthys d726c3aadd Bump version to 5.2.2-git as this is git / work in progress. 2021-07-10 10:03:46 +02:00
Bram Matthys d3c98c73c2 Fix issue where saslmechlist could not be set by services server.
This broke SASL services autodetection and also sasl=x,y,z in CAP.
Reported by Valware in https://bugs.unrealircd.org/view.php?id=5960

Of course the easiest solution would be just to set .remote_write=1
for this, which is what I've just done for the 5.2.1.1 release.
But there seems to be a pattern here. When a server wants to write
its own object (irc1.example.net writing to the MD object of
irc1.example.net) we have the problem that that object is both
"our client" and from the other server POV it is "themselves".
On one hand you may want to allow that (eg for 'saslmechlist'), on
the other hand a server writing its own 'certfp' sounds like a bad
idea in principle.
So we now add a new option for the 'self' case and make some MD
objects use it. In fact, in the core we now have zero MD objects
using remote_write. We keep the option available though, for example
for k4be's geoip modules and possibly future features.

Module API change:
* .self_write added which allows a server to write to its own object
  (irc1.example.net writing to the MD object of irc1.example.net)
* .remote_write still exists too if you want to allow remote servers
  to write to your own objects
* Note that in all cases, servers can always write to their own
  (child) client objects.

Changes:
* The link-security MD changed from .remote_write=1 to .self_write=1
* The salmechslist MD now has .self_write=1, this fixes the actual bug
2021-07-10 09:14:18 +02:00
Bram Matthys 8322a48026 ** UnrealIRCd 5.2.1 ** 2021-07-08 17:42:52 +02:00
Bram Matthys b398c3d101 Change default exempt from 127.* to 127.0.0.0/8 so it does not match
arbitrary hosts that have a host starting with "127.". A rather stupid
oversight on my part, really.

In the meantime, if this happens, then you can still resort to using
ZLINE/GZLINE as a workaround to ban such a user. (The exemption won't
match against the host because DNS lookups are not done for zlines)

Reported by armyn in https://bugs.unrealircd.org/view.php?id=5957
2021-07-07 09:21:17 +02:00
Bram Matthys 94993a03ca ** UnrealIRCd 5.2.1-rc1 ** 2021-07-03 14:42:34 +02:00
Bram Matthys 1d62ca1153 Send account tag to recipient on INVITE.
Reported by ProgVal in https://bugs.unrealircd.org/view.php?id=5951
2021-07-03 14:18:15 +02:00
Bram Matthys 527726be41 Take message tags into account when calculating fake lag.
This was more of a oversight because the cmdbytes calculation happens
in a different function after message tags have already been processed.
Also, wasn't really important up to now since we only allow quite short
tags at the moment.

Instead of just counting these in cmdbytes, as would be the most logical
and easiest fix, we use a different strategy:
We use a separate counter for message-tags so clients benefit from the
"rounding down rule". In other words: the first xyz bytes give you
no extra penalty compared to before (eg they are "free"). Useful for
clients who use eg @label heavily.
By default this is 90 bytes for unknown-users and 180 bytes for
known-users. See lag-penalty-bytes in set::anti-flood.
2021-07-03 09:33:19 +02:00
Bram Matthys ee9db59d36 Fix two more small memory leaks on REHASH.
Now we are at zero leaks again with ASan, or so it seems.
2021-07-02 11:42:58 +02:00
Bram Matthys 12299b45bf Fix small memory leak on REHASH (<1kb): free set::anti-flood block 2021-07-02 10:56:51 +02:00
Bram Matthys abaed84190 Order CHATHISTORY TARGETS response in descending order (newest first)
https://bugs.unrealircd.org/view.php?id=5904
2021-07-02 10:42:40 +02:00
Bram Matthys 35f8598f3f Fix crash if using persistent channel history: if you had ANY rehash error
(often completely unrelated to channel history) and you then rehashed again
UnrealIRCd would crash. Reported by gh0st.
May be the same issue as reported by adamus1red in
https://bugs.unrealircd.org/view.php?id=5943

This has to do with SavePersistentPointer/LoadPersistentPointer calls
which normally work fine but this particular module uses it in MOD_TEST
causing a certain sequence of events causing a double free or read-
after-free if you do it slightly differently.
2021-07-02 09:16:58 +02:00
Bram Matthys 696d5f05fb Last argument in fd_open() is now used to indicate what should be done on a
later fd_close() call. This also removes fd_map() since fd_open w/FDCLOSE_NONE
now does that.

* If you use fd_socket() or fd_accept(), then no change.
  When fd_close() is called we call close() on *NIX and closesocket() on Win.
* If you use fd_fileopen(), then no change.
  When fd_close() is called we will call close() on both *NIX and Win.
* If you used fd_open() and then fd_unmap() because you didn't want us
  to close the socket, then use fd_open() with FDCLOSE_NONE and
  just call fd_close() instead of fd_unmap().
  We will not actually close the fd in fd_close() (FDCLOSE_NONE).
* If you called fd_open() with other intentions then either specify a
  FDCLOSE_SOCKET / FDCLOSE_FILE as the last argument, or more likely:
  don't use fd_open() at all and use fd_socket() or fd_fileopen() instead.

For reasons on this change, see previous patch. This way is more sane and
makes it harder to make mistakes even beyond Windows-specific issues.
2021-06-30 11:33:46 +02:00
Bram Matthys 329f48334c I/O engine: track if a fd is a file or socket, needed for Windows.
This fixes a file descriptor leak in Windows that happened in the
logging code. The most visible effect of this was if you had a
log::maxsize set then on Windows you would see:
"Max file size reached, starting new log file"
Every other line, forever (and not actually starting a new log).

fd_close() previously did not close the file descriptor of a file
on Windows because on Windows it needs to call close() for a file
and closesocket() for a socket, and it always did the latter.
On *NIX it's more easy and you can just always close() any fd.
2021-06-30 11:06:44 +02:00
Bram Matthys a44b1cb63e Fix ./unralircd genlinkblock printing out a confusing error message if
you have serversonly listen block without tls.
Reported by Valware in https://bugs.unrealircd.org/view.php?id=5945
2021-06-30 10:06:19 +02:00
Bram Matthys 0bd2cfd0fc Update file_exists() function to work with directories on Windows.
And then let's use the similar (and faster) function on Linux too.
2021-06-28 19:33:14 +02:00
Bram Matthys cf5966cce4 Call early_init_ssl() even more early, fixes './unrealircd module list'
from crashing and other symptoms.
Crash was introduced with the OpenSSL 3.0.0 changes from
a541b8f4ad, so 9 days ago.
2021-06-28 08:18:43 +02:00
Ramiro Bou 26295151a9 Add microsecond precision to TSCTL ALLTIME (#147) 2021-06-28 06:27:02 +02:00
Bram Matthys c667662e9b Windows: Allow UnrealIRCd to be terminated gracefully (without prompt)
via taskill /im unrealircd.exe. Needed for BuildBot.
2021-06-27 19:21:56 +02:00
Bram Matthys 30155ddd7c Only call reinit_tls() when rehashing. 2021-06-27 17:22:15 +02:00
Bram Matthys 79740c4a38 Make "REHASH" and ./unrealircd rehash also run the same code as "REHASH -tls",
if on OpenSSL 1.1.1 or later.

We trust OpenSSL 1.1.1 and later to be good enough to handle all
the reference counting and freeing nowadays, which is something that
was not done correctly in (much) older OpenSSL versions, leading
to crashes on one hand and on memory leaks on the other hand.

In OpenSSL 1.1.0 and earlier we do not rehash tls on simple "REHASH",
since that code has not been vetted. However, nobody should be
running those old OpenSSL versions anyway, since they are out of
official OpenSSL support.
2021-06-27 15:38:40 +02:00
Bram Matthys a8e52fdead Bump sjoin module version to 5.1
[skip ci]
2021-06-27 07:41:21 +02:00
Bram Matthys c37c965506 Fix SJOIN not properly propagated due to a copy-paste error in the SJSBY
vs non-SJSBY code. Reported by puckipedia in
https://bugs.unrealircd.org/view.php?id=5934
2021-06-27 07:39:02 +02:00
Bram Matthys 2afc57aa38 Use IsLoggedIn() macro everywhere where possible.
Based on previous reports and patches from k4be in
https://github.com/unrealircd/unrealircd/pull/129

Looks much cleaner now.

This also filters out the edge case where user_account_login()
could have been called when a user transitioned from "not logged in"
to "unconfirmed account". It did not cause any issues AFAICT but
it is not really expected either.
2021-06-26 11:47:08 +02:00
Bram Matthys 68d172854d Remove IsARegNick() as we already have IsRegNick() 2021-06-26 11:19:47 +02:00
Bram Matthys 9f10fa2193 Improve error message when trying to use SASL with an unconfirmed
services account.

This adds set::authentication-prompt::unconfirmed-message with
a default of:
unconfirmed-message "You are trying to use an unconfirmed services account.";
unconfirmed-message "This services account can only be used after it has been activated/confirmed.";
See https://www.unrealircd.org/docs/Set_block#set::authentication-prompt

Note that this is only shown for services which allow SASL from
unconfirmed services account in the first place, like atheme.
Anope does not allow it, which is something that could very well
be considered 'correct' as well. In that case you would simply
get the "Authentication failed" message instead
(set::authentication-prompt::fail-message).
2021-06-26 11:03:53 +02:00
Guillaume Hérail 317b3df01e modules/tkl: Fix wrong tkl names in table (#139) 2021-06-26 09:27:55 +02:00
Ramiro Bou 4dbc1f8771 Allow remote servers to write to the link-security MD object (#145) 2021-06-25 14:50:53 +02:00
Bram Matthys 26a3444f4e Validate the UID in cmd_uid(). Reported by Valware in
https://bugs.unrealircd.org/view.php?id=5925

This does two things in cmd_uid() now:
* It checks if parameter 6 in UID is a valid UID, using valid_uid()
* It checks if the first 3 characters of the UID match the SID
2021-06-25 11:47:23 +02:00
Bram Matthys e9e2504bf4 Don't allow remote servers to write to our MD client objects by default.
Modules can still opt-in via mreq.remote_write=1 to allow it for
certain moddata.
For example, k4be may want to do this for his geoip-base module which
allows a single server to set moddata "geoip" for all connecting clients,
including remote clients.
If you are a moddata provider then you can enable it like this:
 ModDataInfo mreq;
 [..]
 #if UNREAL_VERSION_TIME >= 202125
 mreq.remote_write = 1;
 #endif
 [..]

See discussion on https://github.com/unrealircd/unrealircd/pull/142
2021-06-25 11:28:32 +02:00
Bram Matthys e80c7b5b65 Add set::anti-flood options lag-penalty and lag-penalty-sec.
This also allows known-users to execute slightly more commands per second.

For people who want their trusted users/bots to allow even more commands
per second (eg 20cmds/sec) we now have a nice FAQ item that uses this:
https://www.unrealircd.org/docs/FAQ#high-command-rate
2021-06-23 16:21:06 +02:00